rafael pass
play

Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional - PowerPoint PPT Presentation

Mar 27, 2023 •210 likes •757 views

Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT Traditional distributed systems: The

  1. Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi]

  2. Traditional distributed systems: The “Permissioned” Model ● Consistency ● Liveness Paxos/PBFT

  3. Traditional distributed systems: The “Permissioned” Model ● Nodes a-priori known and authenticated ● 30 years of distributed systems Paxos/PBFT ● Multi-party computation [GMW,BGW, ...] ○ Nearly all works assume authenticated channels

  4. The “Permissionless” Model: Bitcoin/Blockchain The Times 03/Jan/2009 Chancellor on brink of second bailout for banks .

  5. The “Permissionless” Model ● Nodes do not know each other a-priori The Times 03/Jan/2009 Chancellor on brink of second bailout for banks . ● Nodes come and go ● ANYONE can join ● No network synchronization Relatively little is known about this model

  6. The “Permissionless” Model ● Strong impossibility results known in the “permissionless” (“unauthenticated”) model [BCLPR05] ○ Consistency is impossible ○ Sybil attacks unavoidable. ■ [BCLPR05] defined “weakened” security model (w/o consistency)

  7. Nakamoto’s Blockchain [Nak’08] Prevents Sybil attacks with Proofs-of-Work Puzzles [DN’92] Claims blockchain achieves “public ledger” assuming “honest majority”: ● Consistency : everyone sees the same history ● Liveness : everyone can add new transactions

  8. Nakamoto’s Blockchain [Nak’08] Prevents Sybil attacks with Proofs-of-Work Puzzles [DN’92] Claims blockchain achieves “public ledger” assuming “honest majority” 2 amazing aspects: ● Overcomes permissionless barrier [BCLPR’05] ● Consistency : everyone sees the same history ● Liveness : everyone can add new transactions ● Overcomes ⅓ barrier even in permissioned setting [LSP’83] 2 amazing aspects: ● Overcomes permissionless barrier [BCLPR] ● Overcomes ⅓ barrier even in permissioned setting[

  9. Everyone wants a “blockchain” 9

  10. Nakamoto’s Blockchain: OPEN PROBLEMS ● WHAT IS a blockchain? ○ no definition of an “abstract blockchain” ● Does Nakamoto’s protocol achieve CONSISTENCY ? ○ “Specific attacks” don’t work [N’08,GKL’15, SZ’15] ○ 49.1% attack (with 10s network delays) claimed [DW’14] ● Is Nakamoto’s consensus OPTIMAL ? ○ Several issues known (load,latency,incentives)

  11. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  12. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  13. What is a blockchain?

  14. Idea: Use Proof-of-Work Puzzles to defend against sybil attacks Users have to do work to cast votes.

  15. How to build a “blockchain”

  16. elaine ➔ mariana : Ƀ 50 How to build a “blockchain”

  17. “Hash function” D > H ( , , ) How to build a “blockchain”

  18. puzzle solution Difficulty D > ( , , ) H Search for a puzzle solution

  19. puzzle solution Difficulty D > ( , , ) H Search for a puzzle solution

  20. D > H ( , , ) We found a new block

  21. D > H ( , , ) Best way to find a solution is brute- force search: model H as RO

  22. What if you join network and you see this.

  23. Honest nodes only “believe” longest chain

  24. Elaine → Mariana Elaine wants to erase this transaction

  25. Elaine → Mariana For Elaine to erase his transaction, he has to find a longer chain!

  26. Elaine → Mariana “If transaction is sufficiently deep, he cannot do this unless he has majority hashpower” ● [Nak’08]: “simply trying to mine alternative chain fails” ● [GLK’15]: in synchronous network ● [SZ’15]: “non-withholding attacks” fail also with Delta-delay networks

  27. Elaine → Mariana “If transaction is sufficiently deep, he cannot do this unless he has majority hashpower” ● [Nak’08]: “simply trying to mine alternative chain fails” ● [GLK’15]: in synchronous network ● [SZ’15]: “non-withholding attacks” fail also with Δ-delays

  28. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  29. Blockchain abstraction Future-self w/ prob exp(- k ) consistency Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  30. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  31. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks Chain quality: Any consecutive k blocks contain “sufficiently many” honest blocks k

  32. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks Chain quality: Any consecutive k blocks contain “sufficiently many” honest blocks Chain growth: Chain grows at a steady rate

  33. Blockchain implies “state machine replication” in the permissionless model Consistency Traditional “state machine replication” Chain quality Consistency Chain growth Liveness

  34. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  35. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  36. Theorem [P-Seeman-Shelat]: For every ρ <1/3 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - (1/3)/(2/3) = 1/2 ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  37. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  38. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) “Blocks are found SLOWER than Δ ” ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  39. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) “Blocktime” >> Δ where ρ adv’s fraction of hashpower, and adv controls the network

  40. “Appropriately set” When c = 60 (10 min blocktime, 10s network delays) Secure: ρ < 49.57 (contradicts [DW’14]’attack!) Attack: ρ > 49.79

  41. “Appropriately set” Mining rate of Network Delay Mining rate honest players of Adv

  42. Theorem [Security of Nakamoto] For every ρ <1/2, if mining difficulty is appropriately set (as a function of the network delay, and total mining power), Nakamoto’s blockchain guarantees a) consistency, b) chain quality 1 - ρ /(1- ρ ), and c) Chain growth: O(1/ Δ ) Theorem [Blatant attack]: For every ρ >0, for every mining difficulty, there exists a network delay such that Nakamoto’s blockchain is inconsistent and has 0 chain quality

  43. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  44. Nakamoto: ISSUES Terrible Not incentive performance compatible

  45. Bitcoin has terrible performance • Cost per confirmed transaction in Bitcoin: $6.20 • 7 tx/sec , 10 min TX confirmation time c.f. Visa credit card: average 2,000 tx/sec , peak 59,000 tx/sec [Source: K. Croman et al. On Scaling Decentralized Blockchains. In Bitcoin workshop, 2016.]

  46. Traditional BFT protocols are performant PBFT at ~100 nodes: Throughput: ~10,000 tx/sec Confirmation time: ~ seconds [Source: K. Croman et al. On Scaling Decentralized Blockchains. In Bitcoin workshop, 2016.]

  47. Hybrid consensus [P-Shi] Snailchain TXs BFT committee

  48. Hybrid Consensus: The idea k unstable k

  49. Hybrid Consensus: The idea k unstable k PBFT

  50. Hybrid Consensus: The idea k unstable k PBFT

  51. Hybrid Consensus: The idea k unstable k: PBFT Chain quality : ⅔ committee honest (if ¾ honest overall) Committee members sign each (seq #, tx) Chain growth : this won’t take too long Non-members count ⅓k Consistency : everyone agrees on committee

  52. Hybrid Consensus: The idea k unstable k: PBFT Achieves static security ● Committee members sign each confirmed (seq #, tx) Not adaptively secure ● Non-members count ⅓ k + 1 sigs ● Can deal with it using rotating committees

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi IC3 1 Blockchains Satoshi Nakamoto, 2009 Public database Shared &amp; maintained between network participants Blockchain agreement protocol

296 views • 15 slides
Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi

Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi

Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi shelat Cornell Tech Uber Northeastern Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT The

636 views • 42 slides
+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern Cryptography is based on computational assumptions. [Shannon 1950s] easy OWFs, a central player: f {0,1} n {0,1} n Easy to compute f(x) Hard to find x

686 views • 24 slides
FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang

FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang

FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang Nakamotos Blockchain A sequence of (mined) blocks = Assumption: Majority of the computing power is controlled by ( %&amp; , , ,

379 views • 9 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University

Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University

Thunderella: Blockchains with Optimistic Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University State-machine replication ( a.k.a. linearly ordered log, consensus, blockchain) State-machine replication ( a.k.a.

628 views • 49 slides
Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

454 views • 30 slides
Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Formal Abstractions for Attested Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr Trusted hardware: Different communities, different world views 2 Trusted hardware: Different communities,

929 views • 72 slides
Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University

Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University

Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University Data Privacy Alice Users Bob Jack San . . . Database Jane mechanism Database containing data. E.g., census data, medical records, etc.

437 views • 19 slides
San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members

San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members

San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members Chris Asimos, Caran Cuneo, Gail Gifford, Linda Jackson, Salamah Locks, Diana Lpez, Patty McCulley, Susie Pollak, and Sparkie Spaeth Process

235 views • 22 slides
For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only

For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only

LBECA: Pushing Xenon TPCs to Single Electrons For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only Channel XENON1T Exploit built-in amplification (proportional scintillation) Rafael Lang: LBECA, Your

392 views • 14 slides
U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the Algonquin Students Association sponsored a Universal Transit Pass Referendum which was passed and in March 2015 the U-Pass Agreement was formally

446 views • 10 slides
50% pass developmental credit course course pass take pass developmental credit credit

50% pass developmental credit course course pass take pass developmental credit credit

Calculating Success Co-Requisite Models # who # who # who # who take pass take pass 115 115 121 121 # who # who = Success Rate pass take 121 115 credit course 50% pass developmental credit course course pass take

633 views • 16 slides
U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot Program has completed 21 months of its 24- month pilot program, which will expire in August 2018. Through partnerships with colleges, U-Pass TAP

87 views • 8 slides
RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and

RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and

RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and Rafael Pous a Universitat Pompeu Fabra (UPF) a Departament de Tecnologies de la Informaci i les Comunicacions (DTIC) Universitat Oberta de

1.14k views • 39 slides
QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With

QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With

QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With more than 118,000 residents, it is the largest city in Argentina. The rapid waters of the Diamante River and Atuel River, give birth to this

394 views • 14 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Dependability aspects of Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware Seminar topics 2016 Driver verification Exhaustive verification has become feasible for small software systems, such as

494 views • 7 slides
Automating Topology Aware Mapping for Supercomputers Abhinav Bhatele, Gagan Gupta Laxmikant V.

Automating Topology Aware Mapping for Supercomputers Abhinav Bhatele, Gagan Gupta Laxmikant V.

Automating Topology Aware Mapping for Supercomputers Abhinav Bhatele, Gagan Gupta Laxmikant V. Kale 1 1 Application Topologies Patch Compute Proxy

637 views • 44 slides
Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel Dresden, 2008-11-05 Motivation Byzantine Faults

681 views • 12 slides
Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Cryptographic Protocols Bank executes (valid) transactions. What is a Valid Transaction

Repetition: A Virtual Bank (1/4) 2 Alice $7535 Specification Bob $73227 Clara $8317 Bank keeps track of all balances. . . . Users send transactions to bank. transfer(Alice,Clara,$200) Cryptographic Protocols Bank

278 views • 5 slides
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds 1 Kirill Nikitin , 1 Eleftherios Kokoris-Kogias, 1 Philipp Jovanovic, 1 Linus Gasser, 1 Nicolas Gailly, 2 Ismail Kho ffi , 3 Justin Cappos, 1

1.16k views • 60 slides
Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at

Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at

Attack-Resilient Multitree Data Distribution Topologies Sascha Grau 1 Technische Universit at Ilmenau December 19th, 2012 1 This work was supported by the Deutsche Forschungsgemeinschaft under grant number KU 658/10-2. Sascha Grau (TU Ilmenau)

1.1k views • 51 slides
HH in gluon-gluon fusion Biggest cross section Only loop induced channel Exact NLO

HH in gluon-gluon fusion Biggest cross section Only loop induced channel Exact NLO

HH production: NLO+PS and top-quark mass effects in gluon fusion Eleni Vryonidou Universit catholique de Louvain In collaboration with: F. Maltoni and M. Zaro Phys.Lett. B732 (2014) 142-149 and JHEP 1411 (2014) 079 HPPC2015 Mainz 29/4/15

294 views • 12 slides

More recommend